We're working in a shared repository where we're not the owner. Our AAD accounts have been invited - username#domain.com. We have no issues accessing the Git repo.
THE ISSUE: We can't access the NuGet repo. We can access it in ADO and see all the artifacts. However, when we try to pull the repo in VS, we get a 401 Unauthorized.
The workaround is to use a personal Microsoft Account (MSA). That's understandably not a good idea - it's customer work.
THE QUESTION: Is ADO's NuGet feature only supported by MSA and not AAD accounts when the invited AAD account isn't part of the owner organization? Is this a hard limit?
Thanks!
Authentication with Azure Artifacts can be a bit of a pain... but it works (even with guest AAD accounts). I am using it like this every day. If you can download the file from the feed via the UI, you will also be able to download it via VisualStudio or other tools.
VisualStudio should have no issue at all when talking to the feed, at least if it is a somewhat current version. For VSCode and others you should try the Azure Artifacts Credential Provider and run something along these lines: dotnet restore --interactive
Related
I have created a web app in ASP.NET. I want to deploy this on Microsoft Azure. I have been given an account from my IT company. We need subscription to deploy on Azure, for sure. Then, I have been added as co-admin to subscription by my company, but still I am not able to integrate my account with Visual Studio. Do I need to do any setting? Or, this permission is also not enough ?
Co-admin on subscription is definitely enough. You are allowed to do anything in the subscription. Have you tried logging in to https://portal.azure.com with the account?
EDIT: Try opening a new Incognito/InPrivate window with no logins active, and try again with the credentials, making sure they are the ones that are co-admin.
We've enabled multi-factor authentication for our Azure subscription and it seems to work fine when logging on to the portal, but when I try to deploy a web service from Visual Studio it just goes ahead and does it without so much as confirming my password.
This is completely unacceptable for us, it must absolutely require prompting for both a password and an SMS code in order to able to deploy. Deploying something incorrectly, accidentally or without sufficient authorization has the potential to severely compromise the integrity of our service.
When you configure Visual Studio on the developer machine to connect to Azure subscription, did you uncheck "Remember Password" for login screen and "Trust this computer"?
Secondly, you can provide the developer only Read permission on the underlying artifact (i.e. Web App or Cloud Service) using the Role-Based Access Control (RBAC). To deploy, they would have to use deployment credentials.
I followed the steps as per
https://github.com/OfficeDev/O365-WebApp-MultiTenant and added the connected service. However this does not register the app under Windows Azure Active Directory Applications. I have properly linked my office 365 account into Azure. However when I add the connected service it is still empty. Is this a known issue and what is the work around?
No, this isn't a known issue. The "Add Connected Service" wizard is not generating a client ID and secret in your web.config?
As a workaround you could login to the Azure Management Portal and register the app manually, then put the client ID and secret into your web.config.
I just had the same issue and spend some hours on it. Finally it turns out that I had used a user account to log in in visual studio that was assigned to a different MS Azure account.
In my case I was using the user of production environment instead of my own developer account to log in.
I am very new in TFS 2010. I have setup my PC as server. I need to connect the client machine with this server. I have added a Service Account in TFS console. The client machine are connected with this account.
Now, my question is that, is the Service Account is intended to connect the client with server?
Can anyone explain me the purpose of this account?
Also I need to know, how to find(or setup) the TFS admin?
Are you referring to the "TFSSERVICE" service account from the installation guide? That account is used to run various services related to TFS, for example the TFS Task Scheduler. It should have the minimum privileges possible on the machine.
The client should not connect to the server with a service account, they should be using their own account which you grant access to the relevant repositories in TFS. If you connect all clients with the service account, how will you know who checked in each changeset?
You might find the installation guide of use which can be found here. See section entitled "Accounts Required for Installation of Team Foundation Components".
If you are using a domain, you should be able to follow the instructions in this article for how permissions work in TFS. You can allocate permissions to resources from the Team Explorer pane within Visual Studio.
If you're using TFS in a workgroup then it's a little different as you need to set up local accounts for your users. See this article.
I am just starting out with Team Foundation Server 2008, and one of the hangups I've experienced is the following:
I create a new Team Project, as well as a Project Portal (which I believe is just a Sharepoint site). When I go to view the project portal in the browser, it prompts me for a username and password. I want it to use digest authentication (meaning it just uses my current domain credentials). I have this working on the Team Foundation site itself, but I cannot seem to get it working at all on the Project Portal sites that TFS creates for me.
Any thoughts? I've already attempted to set digest authentication on the Default Website as well as the Sharepoint Central Administration (v3) site, both of which did not fix my problem.
EDIT: I am running this on Windows Server 2003.
Check whether the pool account running the TFS sites is in your domain.
Your host may also not be in the 'Safe sites' / 'Intranet Zone' config in Internet Explorer, you can make it a trusted site and mark in the advanced options to send username and password.